[SystemSafety] Software Safety Assessment

Andreoli, Kevin (UK) kevin.andreoli at baesystems.com
Wed Jul 8 12:15:18 CEST 2015


As a former software wrangler, my response is:


1.       Unless Project B is being produced under a contract which specifies Standard X then the answer to question 1 is no.

2.       I would expect that if Project A was still in use it would be/have been periodically reassessed.  The claim is not necessarily invalid but should be regarded with suspicion.

3.       No.  Project B should be assessed on an up to date standard or checklist, subject to my answer to question 1.

I have never been a Project Manager but I would expect, from 30 years' experience of the breed, that their answers would be different from mine.

Kevin
(As usual my opinions, not those of my employer)

From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Carl Sandom
Sent: 08 July 2015 10:54
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: [SystemSafety] Software Safety Assessment



Consider the following scenario:

In 2004 Project A software was assessed against a safety standard (let's call it Standard X). Standard X had a very prescriptive list of software safety requirements and a simple checklist was used for assessing SIL1 compliance.

In 2014, Project B began to integrate significant new functionality into Project A. Standard X, which was by 2014 an obsolete standard, was used to assess the significantly smaller software baseline of Project B. Under modern scrutiny, the simple Standard X checklist used for Project A in 2004 was not as explicit as it could have been and it was decided to use an improved checklist for Project B.

A couple of important questions can be raised with this scenario:

1. Is it acceptable to use an obsolete safety standard to assess software?

2. Is the SIL1 claim for 10 year old Project A invalid because the checklist could have been better?

3. If Project B used the old checklist from Project A would that be adequate?

I've been having some interesting discussions with the Project Managers involved, any thoughts?

Regards
Carl

_________________________________
Dr. Carl Sandom CErgHF CEng PhD
Director
iSys Integrity Ltd.
+44 7967 672560
carl at isys-integrity.com
www.isys-integrity.com
_________________________________
